[Swan-dev] Set keyingtries to 1 for Opportunistic Encryption connections

Paul Wouters paul at nohats.ca
Tue Mar 3 14:21:27 UTC 2020



> On Mar 3, 2020, at 00:38, Antony Antony <antony at phenome.org> wrote:
> 
> 
> I prefer that pluto does not override explicit user settings. If the user sets a
> non-default pluto value, pluto should not replace it. With warning or not!
> 
> Think of small mesh settings, where it is ok to try infinitely. 

The problem is that:

Current shunt handling cannot deal with this, as the second keyingtries sometimes tries to install a second shunt, which sometimes “works” due to not being widened. This is causing customer issues that are resolved by setting it to 0.

It is also unclear which, if any, shunt should be installed during keyingtries > 1.

Also, if your mesh is symmetric, it doesn’t actually help to try infinitely against a host that doesn’t have it. If that host gains it, the first plaintext will trigger that host to do OE, so there isn’t a delay in not having keyingtries=0 - you gain nothing from the infinite attempts.

Paul

